Skip to main content

Search this Site

DartPulse Alerts

Chrome Printing Issues

 

DartPulse Outages

Overall System Status:

Upcoming Scheduled Outages

New to Dartmouth?

Resources for:

Information Security

Connect with Computing

facebook twitter Wordpress Blog

What Are EULAs and Why Should I Read Them?

What Is a EULA?

An End User License Agreement (EULA) is a legal contract between a software application author or publisher and the user of that application. The EULA, often referred to as the "software license," is similar to a rental agreement. The user agrees to pay for the privilege of using the software, and promises the software author or publisher to comply with all restrictions stated in the EULA.

The user is asked to indicate they "accept" the terms of the EULA by opening the shrink wrap on the application package, breaking the seal on the CD case, sending a card back to the software publisher, installing the application, executing a downloadable file, or by simply using the application.

"The user can refuse to enter into the agreement by returning the software product for a refund or clicking I do not accept when prompted to accept the EULA during an install." (From http://searchsystemsmanagement.techtarget.com/sDefinition/0,,sid20_gci341294,00.html, author Brent J. Roraback)

Top of page

Why Should I Read EULAs?

EULAs started out as simple license agreements. They included disclaimers about liability and bugs, clauses about how many copies of the software the user could have, etc.

Many EULAs today have become more restrictive. They can prevent users from disclosing benchmarks of the software (1), and could potentially give companies the power to delete files from your computer.

Top of page

MS-Windows

A recent EULA from Microsoft (bundled in Windows XP Service pack 1 and 3) gives authorization that:

"...Microsoft may automatically check the version of the OS Product and/or its components that you are utilizing and may provide upgrades or fixes to the OS Product that will be automatically downloaded to your computer" (2)

That license appears to give Microsoft the right to install any software without your consent if and when they like. A 'critical' security update for Windows Media Player includes another (similar) EULA that includes the text:

"Microsoft may provide security related updates...that will be automatically downloaded onto your computer. These security related updates may disable your ability to copy and/or play Secure Content and use other software on your computer." (3)

That one leaves you in a lovely catch-22:

  • Option #1: You agree to the terms. This means that Microsoft can (at any time), flip a switch and disable any program they want on every computer running Windows + this security pack.
  • Option #2: You do not install the update and you have a gaping security hole, so someone can come and break into your computer.

Top of page

What about Apple?

Apple's EULAs for Mac OS 9 and Mac OS X seem to be pretty reasonable. Here's the gist of the single-use license for Mac OS X:

  • You get a license for the software for one computer.
  • You can't reverse engineer the software.
  • You cannot use the software for Air Traffic Control or to run nuclear facilities.
  • You can sell the license (plus the media).
  • The media you bought (CD, DVD, etc.) has a 90-day warranty.
  • Generic disclaimer: You are using the software at your own risk.
  • Apple has limited liability.
  • You cannot sell the software to embargoed countries/people.
  • Third-party software bundled with Mac OS X has licensing terms listed online.

Top of page

What about the Unices (UNIX, Solaris, Linux, BSD, Etc)?

Different "UNIX" platforms have different licenses.

The core of the Linux operating system is available under the GPL (see GNU General Public License).

The BSD operating system is available under the BSD license (see The BSD License). The Sun/Solaris licensing scheme used to be OK, but recently there was a change to the EULA for java:

"You acknowledge that the Software may automatically download, install, and execute applets, applications, software extensions, and updated versions of the Software from Sun ("Software Updates"), which may require you to accept updated terms and conditions for installation." (4)

That sounds a lot like the "Security Update" from Microsoft above. Please note that this seems to apply to any system on which you install java (not just Solaris, but MS-Windows, Macintosh, Linux, IRIX, AIX, etc.).

Top of page

Other Software Manufacturers

If you are using a piece of software on one of the Northstar or central computing machines, feel free to contact us about the terms of that EULA.

If you are using KeyServed software from PUBLIC or WILSON, you should be able to read the EULA during the installation process.

You can check with other software manufacturers to determine what EULA is bundled with their software.

Top of page

Your Liability

As always, I am not a lawyer, but a recent post on slashdot (5), indicates that Windows 2000 + SP3 (that is service pack #3) might not be HIPAA compliant.

HIPAA (The Health Insurance Portability & Accountability Act of 1996) has certain security requirements for patient data, and allowing a separate entity (read: Microsoft) the ability to (inadvertently) read documents on your system would be in breach of that Act.

If you are dealing with patient data (DHMC, DMS), it might not be a bad idea to see if you have to deal with HIPAA or similar regulations. Check with your legal office if you do not know what policies or regulations you need to follow.

Top of page

Summary

Be careful when you click "through." You would not sign a legal document before reading it over carefully, so read the text of the EULA for each piece of software.

If you are not sure what the EULA means, feel free to contact us.

Top of page

References

  1. More MS EULA Fun
  2. Microsoft EULA Asks For Root Rights—Again
  3. Microsoft's Digital Rights Management—A Little Deeper
  4. Is Win2K + SP3 HIPPA Compliant?

Top of page

Last Updated: 9/24/10